Tagged Questions

Test automation is the use of software to control the execution of tests, the comparison of actual outcomes to predicted outcomes, the setting up of test preconditions, and other test control and test reporting functions. Commonly, test automation involves automating a manual process already in ...

I'm about to launch a web api using OAuth2 for authentication (authorization code, implicit and client credentials flows). The protocol is implemented using the DotNetOpenAuth v4.3 library. Although a ...

Does anyone know if PathPing or NMAP can ping or scan from predefinded source IPs?
I am checking connectivity from agents on remote hosts to a destination site from my host.
Is there a switch or tool ...

I asked this question on StackOverflow but got no answers so I thought that I would try my luck here since fuzzing is closely related to security and often used in vulnerability assessment tests.
I'm ...

Background:
A nice Chinese based manufacturer (AllWinner Technology Co.Ltd) produces very useful SoC used boards that often claim to be open source hardware.
Question:
If need be is there by way of ...

When it comes to technologies that directly affect information security, how do you determine when it is better to use an automatic option instead of a manual option, and vice versa? I already feel ...

I am new to Security testing and I am working on a 64-bit ARM server.
We are using ARM TrustZone technology.
Is it possible for me to check if I am in the Secure world or the Normal world?
How do I ...

I am a QA Engineer, but have been tasked with creating a security testing platform. I have many years with Backtrack/Kali and my primary OS are Arch and Ubuntu. The Systems guys here gave me a CentOS ...

I am looking for a tool to verify the configuration of ssl/tls settings in the browser. I have found a few sites that enumerate supported ciphers and the preferences but none of them seem to provide ...

I have a question I am hoping someone could help with..
I am in the process of writing an SQL Injection tool from scratch (I am aware there are already excellent tools out there such as SQL Map, but ...

I have a problem I'm hoping someone could help with regarding the fingerprinting of the DBMS using sql injection, in a scripted/automated way to accurately and reliabling determine the DBMS.
I am in ...

Is there some kind of automated scanning tool which detects threats in Open Source Java Libraries?
I think the OWASP Orizon project tried to build such a tool, but it seems to be inactive for years ...

For example, say an unsuspecting visitor gets a link security.stackexchange.com/.... Then it re-opens the login page, with or without an explanation as to why they have to log in again. (this is more ...

While reading the updated Top 25 exploits in the Common Weakness Enumeration I came across an exploit that I was not familiar with. It is numbered CWE-619: Dangling Database Cursor.
I was wondering ...

What evaluation criteria would you use to select the right Oracle scanning tool?
Context:
To deploy an automated scanning tool (nessus / SQuirreL etc) for use by both development teams and security ...

What are the advantages of using automated tools, as opposed to manual review? What are the disadvantages?
This applies both to external blackbox vulnerability scanning, and to static code analysis.
...

What are some good web-based website security scanning solutions? I'm not too concerned if they are web-based solutions, or software that can be run locally.
Generally, I'm looking for something we ...